Re: Need help with ASP script.

From: Mark Schupp (notvalid_at_email.net)
Date: 11/10/04 

Date: Wed, 10 Nov 2004 07:34:07 -0800

First a nitpick, "there" is used to indicate a location. When talking about
something belonging to a person you use "their".

Actually the approach you mention does not go far enough. Every single page
that you want to protect must include code to verify that the student is
logged on.

1. create a logon page that is shared by everyone
2. when a student logs on set a session variable or temporary cookie
indicating that they are logged on. For example: Session("studentid") =
<whatever student id is in the database>
3. redirect the logged on student to their home page. If all of the student
data is in a database then this page can be built dynamically using a single
ASP page.
4. on all pages that require a student to be logged on (including the home
page) check that the session variable or cookie exists. If it does not then
re-direct them to the login page.

    If Len(Session("studentid")) = 0 Then
        response.redirect "login.asp"
    End If 

-- 
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Bobby" <deabobb@hotmail.com> wrote in message 
news:d013da4.0411092033.504c0a3d@posting.google.com...
> Hello everyone I have a question. The school I am working for is in
> the beginning process of having a webpage that will direct students to
> download there homework and be able to view there info like test
> scores and etc(the homework and info page will reside on our
> webservers at the school on the local intranet network). Now what I
> need is a way for the students to go to a login page and when logging
> in will be automatically directed to there own personal index.htm page
> that will reside in a folder containing all there information and
> homework. I had downloaded a free ASP script which basically uses a
> Access DB to authorize the username and password and gives 2 diffrent
> asp result pages either "Granted" or "No Access". Now the only thing I
> can think of is to put a script in each students virtual directory and
> when getting to there index file have this script run and the results
> will let them in or give them no access but I think that would be way
> to much. So what do you guys recommend and is there any links you know
> that I can get some info from?
>
>
> Here is the code from the free code I got
> -----------------------------------------------------------------------
> <%
> 'Dimension variables
> Dim adoCon 'Database Connection Variable
> Dim strCon 'Holds the Database driver and the path and name of the
> database
> Dim rsCheckUser 'Database Recordset Variable
> Dim strAccessDB 'Holds the Access Database Name
> Dim strSQL 'Database query sring
> Dim strUserName 'Holds the user name
>
> 'Initalise the strUserName variable
> strUserName = Request.Form("txtUserName")
>
> 'Check the database to see if user exsits and read in there password
> 'Initialise the strAccessDB variable with the name of the Access
> Database
> strAccessDB = "users"
>
> 'Create a connection odject
> Set adoCon = Server.CreateObject("ADODB.Connection")
>
> 'Database connection info and driver
> strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein;
> DBQ=" & Server.MapPath(strAccessDB)
>
> 'Set an active connection to the Connection object
> adoCon.Open strCon
>
> 'Create a recordset object
> Set rsCheckUser = Server.CreateObject("ADODB.Recordset")
>
> 'Initalise the strSQL variable with an SQL statement to query the
> database
> strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID
> ='" & strUserName & "'"
>
> 'Query the database
> rsCheckUser.Open strSQL, strCon
>
> 'If the recordset finds a record for the username entered then read in
> the password for the user
> If NOT rsCheckUser.EOF Then
>
> 'Read in the password for the user from the database
> If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
>
> 'If the password is correct then set the session variable to True
> Session("blnIsUserGood") = True
>
> 'Close Objects before redirecting
> Set adoCon = Nothing
> Set strCon = Nothing
> Set rsCheckUser = Nothing
>
> 'Redirect to the authorised user page and send the users name
> Response.Redirect"authorised_user_page.asp?name=" & strUserName
> End If
> End If
>
> 'Close Objects
> Set adoCon = Nothing
> Set strCon = Nothing
> Set rsCheckUser = Nothing
>
> 'If the script is still running then the user must not be authorised
> Session("blnIsUserGood") = False
>
> 'Redirect to the unautorised user page
> Response.Redirect"unauthorised_user_page.htm"
> %>
> -----------------------------------------------------------------------------
> Any help would be appreciated.